
Techbliss (Owner, Admin, IDA Pro Expert, Developer)

LoadProcConfig is an IDA Plugin to load processor configuration files.
With just a couple of clicks, configuration files can turn this:
Into this, adding memory regions, entries and registers/ports:

By default, IDA is shipped with configuration files for many processors in the IDA/cfg folder. These configuration files are loaded automatically when the corresponding processor module is loaded.
However, this approach has some disadvantages:

You have to keep your own configuration files inside IDA

There is no easy way to load and apply a configuration file to an existing database

Most important, the ARM processor module doesn't have a configuration file

The current plugin was implemented to address all these issues.

Installation

Just copy LoadProcConfig.pmc and LoadProcConfig.pmc64 to the IDA plugins folder.

Usage

From the Edit / Plugins menu, choose Load Processor Config.
Then open a configuration file using the file dialog. IDA will parse this file and display all available devices.
Pick your device and press OK.
Choose what you want to load from this configuration file. The plugin will reanalyse the entire database using the device description and create additional memory regions.

Configuration files

There are many configuration files in the IDA/cfg folder. While the format has no proper documentation, we can get some ideas by looking into idasdk/module/iocommon.cpp.
Every configuration includes the following parts:
; Default device in current configuration file
.default MYDEVICE

Member

NOTE: The files I sent before are only a recompiled version of the original plugin!!!

I attached some files if anyone is interested in working on SVD. There is a DISCO.HEX file if you want to test the original plugin I sent above. Just open it with IDA and set the processor to ARM little endian. After IDA finishes analyzing, use LoadProcConfig and load the STM32F407VG config from the original plugin pack to see that it works.

If you want to compare and see why it is important, load DISCO.axf into IDA and you will see that there are no MCU-related memory address space registers, but tons of other useful debug information. .HEX is for production, .AXF is for development.

What is CMSIS SVD?
The CMSIS System View Description format (CMSIS-SVD) formalizes the description of the system contained in ARM Cortex-M processor-based microcontrollers, in particular, the memory mapped registers of peripherals. The detail contained in system view descriptions is comparable to the data in device reference manuals. The information ranges from high level functional descriptions of a peripheral all the way down to the definition and purpose of an individual bit field in a memory mapped register.

STM32F40x.svd - CMSIS SVD Compatible MCU Hardware Description File
DISCO.hex - An example firmware for the STM32F407-DISCOVERY Evaluation kit.
DISCO.axf - ELF ARM binary of the firmware above. I attached it for further examination. It has lots of debugging info but not the predefined MCU registers of the peripheral address space of the MCU.
Check the third-party Python library to parse SVD files below.
https://github.com/posborne/cmsis-svd
SVD is mostly used to define the MCU hardware address space, as you see above. When we are debugging code on an MCU via a JTAG probe like Jlink, we can see all peripheral registers, SRAM and Flash via the information SVD provides. IDA supports the Jlink debugger via GDB, but it is not HW aware. IDA works only on the core of the MCU, here Cortex-M4 (ARMv7-M), but it can't tell us which address is what (mostly). So we need to manually define this address space, as in LoadProcConfig, to describe peripherals, IO, memory, etc.
If IDA could use the information in SVD files, it would be very handy for embedded firmware security testing and reversing, of course.
CMSIS is an ARM platform to support all IPs including Cortex-M, Cortex-A, Cortex-R. So, as you may know, nearly all tablet, phone, etc. hardware includes one of these today.
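
An added example, not part of the posts above and not code from the plugin or the cmsis-svd library: a standard-library Python sketch of the step the last post asks for, turning an SVD description into an address-to-name map that a reverser could apply to a firmware database. The embedded SVD fragment, the device name and the function names are constructed for illustration; clusters and register arrays (`dim`) are not expanded.

```python
import xml.etree.ElementTree as ET

# Constructed sample in CMSIS-SVD layout; names and addresses are illustrative only.
SAMPLE_SVD = """<device>
  <name>EXAMPLE_MCU</name>
  <peripherals>
    <peripheral>
      <name>GPIOA</name>
      <baseAddress>0x40020000</baseAddress>
      <registers>
        <register><name>MODER</name><addressOffset>0x0</addressOffset></register>
        <register><name>IDR</name><addressOffset>0x10</addressOffset></register>
      </registers>
    </peripheral>
    <peripheral derivedFrom="GPIOA">
      <name>GPIOB</name>
      <baseAddress>0x40020400</baseAddress>
    </peripheral>
  </peripherals>
</device>"""


def svd_int(text):
    """Parse an SVD number: decimal, 0x hex, or #binary (scale suffixes not handled)."""
    text = text.strip()
    if text.startswith("#"):
        return int(text[1:], 2)
    return int(text, 0)


def register_map(svd_text):
    """Return {absolute_address: 'PERIPHERAL_REGISTER'} for every register."""
    # SVD files need no DTD; rejecting one avoids entity tricks in untrusted files.
    if "<!DOCTYPE" in svd_text or "<!ENTITY" in svd_text:
        raise ValueError("DTD/entities not expected in an SVD file")
    root = ET.fromstring(svd_text)
    periphs = {p.findtext("name"): p for p in root.iter("peripheral")}
    out = {}
    for name, p in periphs.items():
        base = svd_int(p.findtext("baseAddress"))
        # A derivedFrom peripheral reuses the register layout of its parent.
        src = p if p.find("registers") is not None else periphs.get(p.get("derivedFrom"))
        if src is None:
            continue
        for reg in src.iter("register"):
            addr = base + svd_int(reg.findtext("addressOffset"))
            out[addr] = f"{name}_{reg.findtext('name')}"
    return out
```

Sorting the items of `register_map(SAMPLE_SVD)` by address gives a listing that can be compared against the unnamed peripheral accesses seen in the disassembly.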